Cornhill Capital strongly believe in protecting the confidentiality and security of your personal and financial information. This enable us to provide you with a secure website for your transactions.
- Who we are
- The information we collect
- How and why we use your information
- Your consent
- Who we share your information with
- Security and Storage of Personal Information
- Your rights and transparency
- How to make a complaint
- How you can contact us
- Other websites
- Cookies Policy
Who we are
We are the Data Controller of your information.
The information we collect
In order that we can provide you with a service that meets your precise financial needs we obtain certain information about your personal and financial situation.
We collect the following types of information:
- Internal Protocol (IP) address. This information is collected passively when you use our website or client portal.
- Use of our website. This information is collected through cookies as further explained in our Cookies Policy.
- Identity details. This information is collected directly from you when you complete our forms on our website or provide information directly to us. This includes:
- Name, address and contact details including but not limited to phone number and email address;
- Date of birth and gender;
- Professional and employment details;
- ID and/or passport number;
- National/tax identification number;
- Information about your income and wealth including details about your assets and liabilities, account balance, tax and financial statements;
- Trading history and performance;
- Any other similar information.
We will also collect the above data from potential, current and former employees, along with the additional information below:
- Your CV and interview notes;
- Your contract of employment and any amendments;
- Bank details;
- Next of kin contact details;
- Records of holiday, sickness or any other absences;
- Information for our equal opportunities monitoring policy;
- Certain medical conditions which could endanger your life if we are not aware of it;
- Records relating to your career history i.e. appraisals, training and any disciplinary or grievance data; and
- Termination of employment letters and data.
How and why we use your information
Data Protection law states that the personal information we hold about you must be:
- Used lawfully, fairly and in a transparent way.
- Collected only valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
- Relevant to the purposes we have told you about and limited only to those purposes.
- Accurate and kept up to date.
- Kept only as long as necessary for the purposes we have told you about.
- Kept securely.
We only ever use your information where:
- We have determined that we have a legitimate business interest in doing so and your right to privacy is not overridden (you have the right to object to this should you wish);
- we need to do so as part of performance of our contract with you or to take steps at your request in order to enter into such contract;
- where we have a legal obligation to do so; or
- you have provided your consent for a specific purpose (which you may withdraw at any time).
Where you wish to enter into or have signed a contract with us to provide products and services, we will use your information to enable us to enter into and perform the contract. For our clients, the use of your information may be required in order to fulfil our contractual or regulatory obligations. Therefore, if you do not provide this information or restrict our use of it then we may not be able to provide certain services to you.
Please note that we keep records of your trading history including:
- products you trade and their performance
- products we trade on your behalf and their performance
- historical data about the trades and investments you made including the amount invested
- your preference for certain types of services and products
We may record any communications, electronic, by telephone, in person or otherwise, that we have with you in relation to the services we provide to you and our relationship with you. These recordings will be our sole property and constitute evidence of the communications between us. Any telephone conversation may be recorded without the use of a warning tone or any other further notice. Please note that our offices or premises may have CCTV which will record your image.
We have a legitimate business interest to use the information we collect from you for the following purposes:
To identify you
We will need to verify your identity to set you up as a customer and we will need to use those details in order to effectively manage your account with us to ensure that you are getting the best possible service from us. This may include third parties carrying out credit or identity checks on our behalf. It is in our legitimate interest to do so and the use of your personal information in this way is necessary for us to know who you are as we also have a legal obligation to comply with certain Know Your Customer regulations.
This information is recorded within our customer relationship and portfolio management systems.
To communicate with you
We use the contact information you provide so that we may appropriately communicate with you in the course of providing services to you or providing you with the information that you request from us.
To determine the suitability of certain products and services for you
We use the following information you provide so that the services we offer you more precisely fit your financial requirements:
- employment details;
- family details;
- information regarding your current health condition, which we use for internal purposes only;
- associated third parties (such as your spouse, children or beneficiaries of trusts);
- your financial experience and background with investment;
- financial details (such as source of wealth, existing investments, tax returns or bank details).
We also use your information to assess your attitude to risk to help us determine the appropriate products and services to discuss with you. As this process involves us creating a profile of your risk appetite, you have the right to object to us doing so, however this may limit our ability to provide you with products and services.
To comply with our legal and regulatory obligations
In certain circumstances, we use your information (only to the extent required) in order to enable us to comply with our legal obligations, including share your information with law enforcement agencies, regulators (for example, the Financial Conduct Authority), courts or other public authorities if required to do so by law.
For potential, current and former employees we will keep and use the personal data to enable us to fulfil our contractual and legal obligations, enable us to pay you, process and provide your benefits and complete statutory reporting, i.e. to the HMRC.
For marketing purposes
We may collect your name and contact details in order to send you information about our products and services which you might be interested in. We may collect this directly from you, or through a third party. If a third party collected your name and contact details, they will only pass those details to us for marketing purposes if you have consented to them doing so.
You always have the right to ‘opt out’ of us making contact for marketing purposes or sending you marketing materials at any time. This can be done by either contacting us or simply unsubscribing from any future marketing email you receive.
To investigate and respond to complaints and disputes
Where we consider there to be a risk that we may need to defence or bring legal claims, we may retain your personal information for as long as necessary. We may also need to share this information with our insurers or legal advisers. How long we keep this information for will depend on the nature or the claim and how long we consider there to be a risk that we will need to defend or bring a claim.
For internal business purposes and Record Keeping
We use your information as part of our internal business processes which may include business and disaster recovery, document retention/storage, IT service continuity (e.g. back-ups and helpdesk assistance) to ensure the quality and reliability of the services we provide to you. We will also keep records to ensure that you comply with your obligations under any contract you have entered into with us.
To track interaction with our website and emails
Our web pages and emails may contain web beacons or pixel tags or any other similar type of data analysis tools which allow us to track receipt of correspondence and to count the number of users that have visited our webpage or opened our correspondence. Where your personal information is completely anonymised, we do not require a legal basis as the information will no longer constitute personal information. However, where your personal information is not in an anonymised form, it is in our legitimate interest to continually evaluate that personal information to ensure that the products and services we provide are relevant to the market.
We may from time to time use personal information about you to form profiles about you so that we understand your needs and provide the very best products and services we can. We may also make decisions about you through automated profiling or automated credit checks which could affect your ability to use our services.
Where the use of your personal information by us requires your consent, such consent will be provided in accordance with the applicable customer terms and conditions available on our website or any other contract we may have entered into with you or stipulated in our communication with you from time to time.
Where we rely on your consent as our legal basis for processing your personal information, you have the right to withdraw your consent at any time by contacting us using the contact details set out below.
Who we share your information with
To fulfil our commitments to you, we share your information with several third party organisations who perform certain tasks on our behalf. Information is only shared with these third parties to the extent necessary in order to enable them to provide the services required on our behalf. These third parties act on our instructions and are processors of your information.
We may share your personal information with other entities in our group as part of our regular reporting activities on company performance, in the context of a business reorganisation or group restructuring exercise, and for system maintenance support and hosting of data.
We also may share your information with third parties you have a direct contractual relationship with (such as your appointed agent) or to assist in facilitating your acquisition of a third party’s products and services. In these instances the third party is likely to also be a controller of your information for their own purposes. We ensure that we have in place strong data sharing protocols with these third parties to govern and guide the sharing of your information in these circumstances.
In addition, we meet our regulatory and reporting obligations, we may be required to share your information with:
- the FCA and any regulatory or tax authority we may be subject to.
We require all third party processors to take appropriate steps to protect your information and only use your information for the purposes of performing the relevant services.
Disclosure of Personal Data and Transfer outside of the European Economic Area
In some instances we may transfer your personal information outside the European Economic Area. In these instances we require that third parties who handle or obtain your personal information acknowledge the confidentiality of this information, to respect any individual’s right to privacy and comply with all relevant data protection laws along with this privacy notice.
For potential, current and former employees
We will share your personal data with our employees, agents and/or professional advisors and with third party firms in order to fulfil our contractual and legal obligations to you. These include but are not limited to payroll, benefit providers, regulators and background check firms.
Security and Storage of Personal Information
Where appropriate, we use encryption or other security measures which we deem appropriate to protect your information. We also review our security procedures periodically to consider appropriate new technology and updated methods. But, despite our reasonable efforts, no security measure can ever be perfect or impenetrable.
We hold personal information in secure computer storage facilities, paper-based files and/or other records. When we consider that personal information is no longer needed, we will remove any details that will identify you and we will securely destroy the records. Please note that we are subject to certain laws and regulations which require us to retain a copy of the documents we used to comply with our customer due diligence obligations, and supporting evidence and records of transactions with you and your relationship with us for a period of six years after our relationship with you has terminated. Personal information held in the form of a deed is subject to a storage period of twelve years after our relationship with you has terminated.
If we hold any personal information in the form of a recorded communication, by telephone, electronic, in person or otherwise, this information will be held in line with local regulatory requirements which will either be five or ten years after our relationship with you has terminated. Where you have opted out of receiving marketing communication we will hold your details on our suppression list so that we know that you do not want to receive these communications.
Your rights and transparency
You have the following rights regarding your information:
|Right to correct your information||You are entitled to have your information corrected if it is inaccurate or incomplete. A|
If you tell us in writing that the information we hold on you is incorrect, we will review it and if we agree with you, we will correct our records within one month unless the request is deemed as complex. Due to legal privilege, we may not be able to show you anything that we learned in connection with a claim or legal proceeding.
On an annual basis we carry out a review of your data, otherwise known as an Annual Client Review, to ensure we hold the most up to date information about you.
|Right to erasure||This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there is no compelling reason for us to keep using it. Please note, there are exceptions to this (for example, we have the right to continue using your information if such usage is necessary for compliance with our legal obligations).|
|Right to restrict processing||You have the right to ‘block’ or suppress further use of your information in certain circumstances (for example, where you think the information we are using about you is inaccurate, whilst we verify its accuracy). When usage is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.|
|Right to data portability||You have the right to obtain and reuse your information in a structured, commonly used and machine-readable format in certain circumstances when we use your information on certain legal grounds, such as consent. In addition, where certain conditions apply, you have the right to have such information transferred directly to a third party.|
The right to data portability does not apply to information which it is necessary for us to process for our organisation’s legitimate purposes. Please see the section How and why we use your information to read about the circumstances in which we use your information on the basis of consent or for our organisation’s legitimate purposes.
|Right to object to processing on the grounds of legitimate interests||You have the right to object to us using your information for our organisation’s legitimate purposes. Please see the section How and why we use your information to read about the circumstances in which we use your information for our organisation’s legitimate purposes.|
You also have the right to object to us using your information to create a profile of your risk appetite.
|Right to withdraw consent to processing||If you have given your consent to us to use your information for a particular purpose, you have the right to withdraw your consent at any time (although if you do so, it does not mean that any use of your information up to that point is unlawful).|
For processing activities where we rely on your consent, you are able to withdraw consent that consent at any time. This can be done by contacting your Cornhill Capital representative or by contacting our Data Protection Officer.
|Right to make a complaint to the data protection authorities||If you are unhappy with how we have handled your information or believe our use of your information does not comply with data protection law you have the right to make a complaint. This complaint will be lodged with your national data protection supervisory authority (if you are in the UK, this will be the Information Commissioner’s Office (ICO))|
For more information about your rights or if you would like to exercise any of your rights, you are welcome to contact us at the contact details set out on our website under the ‘Contact Us’ section.
How to make a complaint
We try to meet the highest standards when collecting and using information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
If you want to make a complaint about how we have handled your information, please contact the Data Protection Officer at:
Cornhill Capital Limited
4th Floor, 18 St Swithins Lane, London, EC4N 8AD
If you are not satisfied with our response to your complaint or believe our processing of your information does not comply with data protection law, you can make a complaint to the Information Commissioner's Office (ICO) through:
- Writing to: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF;
- Calling: 0303 123 1113; or
- Submitting a message through the ICO’s website at: ico.org.uk
How you can contact us
You can contact us by contacting our Data Protection Officer at:
Cornhill Capital Limited
4th Floor, 18 St Swithins Lane, London, EC4N 8AD
We are registered as a data controller with the Office of the Information Commissioner. Our registration details can be found here.
Cookies are small files that collect anonymous information about how visitors use our site, which is then used to help improve the site. The information collected includes the number of site visitors, where visitors come to the site from and the pages they visited. For further information visit www.aboutcookies.org. Please note that by deleting our cookies or disabling future cookies some of the features of this site may not work as intended.